TY - GEN
T1 - Automatic clustering of attacks in intrusion detection systems
AU - Shojafar, Mohammad
AU - Taheri, Rahim
AU - Pooranian, Zahra
AU - Javidan, Reza
AU - Miri, Ali
AU - Jararweh, Yaser
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/11/1
Y1 - 2019/11/1
N2 - Intrusion Detection Systems (IDSs) can identify the malicious activities and anomalies in networks and present robust protection for these systems. Clustering of attacks plays an important role in defining IDS defense policies. A key challenge in clustering has been finding the optimal value for the number of clusters. In this paper, we propose an automatic clustering algorithm as part of an IDS architecture. This algorithm is based on concepts of coherence and separation. Our automatic clustering algorithms find clusters with the most similarity between the proposed cluster elements and the least similarity with other clusters. The proposed clustering is further optimized by considering two types of objective index functions, and Artificial Bee Colony (ABC), Particle Swarm Optimization (PSO), and Differential Evolution (DE) methods. Comparison of the results obtained with other work in the literature shows improvements in terms of the low average number of evaluations functions, high accuracy, and low computation cost.
KW - Automatic Clustering
KW - Intrusion Detection Systems (IDSs)
KW - NSL-KDD
KW - Optimization Methods
UR - http://www.scopus.com/inward/record.url?scp=85082695129&partnerID=8YFLogxK
UR - http://aiccsa.net/AICCSA2019/important-dates
U2 - 10.1109/AICCSA47632.2019.9035238
DO - 10.1109/AICCSA47632.2019.9035238
M3 - Conference contribution
AN - SCOPUS:85082695129
SN - 9781728150536
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
BT - 16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 16th ACS/IEEE International Conference on Computer Systems and Applications
Y2 - 3 November 2019 through 7 November 2019
ER -